Documentation based on repostory git version commit 1.0.12-405-gca78774
 

Module DoSProtection

This module bans user when they are sending too much packets within a given timeframe. To see the list of currently banned IPs/ports, use iptables -L.
----

Configuration options:

NameDescriptionDefault ValueType
enabledIndicate whether the module is activated. trueBoolean
filterA request/response enters module if the boolean filter evaluates to true. Ex: from.uri.domain contains 'sip.linphone.org', from.uri.domain in 'a.org b.org c.org', (to.uri.domain in 'a.org b.org c.org') && (user-agent == 'Linphone v2') BooleanExpr
time-periodNumber of milliseconds to consider to compute the packet rate 3000Integer
packet-rate-limitMaximum packet rate in packets/seconds,  averaged over [time-period] millisecond(s) to consider it as a DoS attack. 20Integer
ban-timeNumber of minutes to ban the ip/port using iptables 2Integer
iptables-chainName of the chain flexisip will create to store the banned IPs FLEXISIPString
Created by Buildbot on 2017/01/16 10:02